package com.lwq.util;

import com.lwq.exception.FieldException;

import java.util.regex.Pattern;

/**
 * Description:
 * Author: LiuWenQing
 * Datetime: 2021/6/11
 */
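public class SqlUtil {

    /**
     * Whitelist an {@code ORDER BY} fragment must match in full: ASCII letters, digits,
     * underscore, space, comma and dot. This keeps out quotes, parentheses, semicolons,
     * comment markers and operator characters, but it does not constrain the words
     * themselves, so callers that can enumerate the sortable columns should additionally
     * check the value against that list. Declared {@code final} so the rule cannot be
     * reassigned at runtime and always agrees with the compiled pattern below.
     */
    public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";

    /** Compiled once; {@link Pattern} is immutable and safe to share across threads. */
    private static final Pattern ORDER_BY_PATTERN = Pattern.compile(SQL_PATTERN);

    /** Utility class; not instantiable. */
    private SqlUtil() {
    }

    /**
     * Validates a user-supplied {@code ORDER BY} fragment before it is concatenated into
     * SQL, to prevent injection. Despite its name this method does not escape anything:
     * it either returns the input unchanged or rejects it.
     *
     * @param value the fragment to check; values for which {@code StringUtils.isNotEmpty}
     *              is {@code false} (presumably {@code null} and {@code ""} — confirm against
     *              the project's {@code StringUtils}) are passed through unchanged
     * @return {@code value} itself when it is empty or matches {@link #SQL_PATTERN}
     * @throws FieldException if the value is non-empty and contains characters outside the
     *                        whitelist
     */
    public static String escapeOrderBySql(String value) throws FieldException {
        // An empty fragment is not a sort constraint, so it is left for the caller to handle.
        if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
            throw new FieldException("参数不符合规范，不能进行查询");
        }
        return value;
    }

    /**
     * Checks whether an {@code ORDER BY} fragment consists only of whitelisted characters.
     *
     * @param value the fragment to check
     * @return {@code true} if the whole value matches {@link #SQL_PATTERN}; {@code false} for
     *         {@code null}, the empty string, or any value containing other characters
     */
    public static boolean isValidOrderBySql(String value) {
        // Previously a null value raised NullPointerException; an invalid fragment is the
        // safer answer for a validator.
        if (value == null) {
            return false;
        }
        // matches() anchors at both ends, so a merely partial match is rejected.
        return ORDER_BY_PATTERN.matcher(value).matches();
    }
}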
